
Re: How do you make your life secure (software based)?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/26/07 20:24, Douglas A. Tutty wrote:
> On Mon, Nov 26, 2007 at 03:16:58PM -0600, Ron Johnson wrote:
> 
> Let's look at this and see how feasible it is and still make having an
> internet connection worth-while.  If you want a truly secure internet,
> don't use the internet.  Buy a true copy of OpenBSD (since you can be
> more sure that it's real than someone's download-and-burn of Debian's).
> Never connect to the internet and use the computer locally only.  I've
> heard that a top status-symbol at CIA is the NON-NETWORKED computer.

Sure.  It takes real effort to get malware onto a stand-alone
computer inside a "secure" building.

>> If you want your internet existence to be totally secure:
>> a) *Never* conduct financial transactions on-line,
> 
> OK.  Telephone I guess.  Do banks still have their own network or do
> they use the Internet (perhaps IPSec or something over standard
> Internet)?

Most non-small companies get their own lines separate from "the cloud".

>> b) never give out any personally identifiable information,
> 
> OK.
> 
>> c) never discuss anything the least bit controversial,
> 
> Anything you say will be controversial to someone, or at least open to
> interpretation.  Very few of us are skilled professional diplomats who
> live and breathe nuanced communication.

If you want to be secure, learn to keep your mouth shut.

>> d) never use a SIP phone[0],
> 
> OK.
> 
>> e) Skype seems secure, but the Germans[1] might have cracked
>>    it and be blowing smoke in order to get Bad Guys to use
>>    encrypted Skype,
> 
> Heh.  Not that I know what a Skype is.

http://en.wikipedia.org/wiki/Skype

>> f) use the w3m browser,
> 
> What is it that makes w3m more secure?  Is it fewer features or is it
> really designed to be better?  Presumably it doesn't have Java.  Is it
> more secure than the Lynx (patched) that is included in OpenBSD base?

http://en.wikipedia.org/wiki/W3m

No Java, no JavaScript, but more full-featured than lynx.

>> g) use Mutt or Alpine,
> 
> I don't see Alpine in Etch.  It makes sense that Mutt, being only a MUA,
> could be more secure than something that shares code with an insecure
> browser.  Why else?

Smaller than Tbird, less to go wrong, mail-based malware vectors
assume GUI MUA, not text MUA.

>> h) never send cleartext email,
> 
> Why?  Or is it just that over time you build up a large amount of public
> writing that may give away hints that aren't noticeable in individual
> posts?

Yup.  If it's encrypted, Carnivore/Echelon/etc. has a much more
difficult time detecting what you write.

>> i) only email a select group of friends & always use GPG,
> 
> So don't ask for help on DU?

Afraid so.

>> j) never use IM, bittorrent, ftp, etc,
> 
> IM: OK
> bittorrent: OK, but why, if the MD5sum checks out?

ISPs can easily detect that you are running bittorrent.  This means
they can send your name to RIAA/MPAA, etc.

> ftp:  Why?  If you get the MD5sum via another route, e.g. http from
> another server?

But it still all feeds thru your ISP.

> Would you include, e.g. cvs updates from openbsd.org (in order to get
> security patches) in this?

Just one loose lip can sink a ship.

> I use an ftp mirror for my debian debs.  Is it less secure than http?

They are both clear-text.

>> k) install minimal OpenBSD on your desktop,
> 
> While I'm sure the OBSD people would agree, with the same apps
> installed, is OBSD really more secure than Debian?

They seem to do a better job at code reviews, and also build
everything with buffer overflow protection.

Is OBSD perfect?  No.  And the obsession with security means that
other parts of the kernel suffer pretty badly in modern features.

>> l) run really-minimal OpenBSD on your tight firewall.
>>
> 
> Ditto?

Yup.

> 
> Other than not sending plain-text email (e.g. to DU) or using FTP, this
> looks really easy to follow.

- --
Ron Johnson, Jr.
Jefferson LA  USA

%SYSTEM-F-FISH, my hovercraft is full of eels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHS5u/S9HxQb37XmcRAnOhAJsGJD1SEIe9qyVh3Xv6nkbV6Ey5PwCfdjK1
rUexh+ToGq9/qmX+RT8J4hw=
=6csE
-----END PGP SIGNATURE-----
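The FTP/HTTP exchange above ("if you get the MD5sum via another route" versus "they are both clear-text") turns on one point a practitioner would want spelled out: a checksum fetched over the same untrusted channel as the file protects against corruption, not against an on-path attacker, who can rewrite both; what helps is a key obtained out of band. The following is an added example, not code from the thread or from Debian: the mirror, the attacker and the package bytes are constructed, and an HMAC under a key the client already holds stands in for the GPG signature Debian places on its Release file (which in turn lists the checksums of the package indexes).

```python
"""
Added example (not from the original thread): why a checksum fetched over
the same clear-text channel as the file does not protect against an
on-path attacker, while an authenticator under a key obtained out of band
does.

Everything below is constructed for illustration.  The HMAC is a stand-in
for the GPG signature on a Debian Release file; ARCHIVE_KEY plays the role
of the archive key that ships with the install media.
"""
import hashlib
import hmac

# Constructed sample package body.
GENUINE_DEB = b"genuine package payload"

# Constructed key the client obtained out of band; the attacker lacks it.
ARCHIVE_KEY = b"out-of-band-archive-key"


def checksum_list(blob: bytes) -> str:
    """Clear-text checksum listing as a mirror would publish it."""
    return f"{hashlib.sha256(blob).hexdigest()}  example.deb\n"


def sign(listing: str) -> str:
    """Stand-in for the archive's GPG signature over the listing."""
    return hmac.new(ARCHIVE_KEY, listing.encode(), hashlib.sha256).hexdigest()


def mitm(blob: bytes, listing: str, signature: str):
    """On-path attacker on a clear-text link: swaps the package and
    rewrites the checksum listing to match.  The signature is passed
    through unchanged because the attacker cannot forge it."""
    evil = b"trojaned package payload"
    return evil, checksum_list(evil), signature


def verify_by_checksum_only(blob: bytes, listing: str) -> bool:
    """What 'get the MD5sum via another clear-text route' amounts to."""
    expected = listing.split()[0]
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected)


def verify_signed(blob: bytes, listing: str, signature: str) -> bool:
    """Check the listing is authentic first, then the package against it."""
    if not hmac.compare_digest(sign(listing), signature):
        return False
    return verify_by_checksum_only(blob, listing)


def scenario(attacker_on_path: bool) -> dict:
    """Run one download with or without an attacker on the path and
    report what each verification strategy concludes."""
    listing = checksum_list(GENUINE_DEB)
    signature = sign(listing)
    blob = GENUINE_DEB
    if attacker_on_path:
        blob, listing, signature = mitm(blob, listing, signature)
    return {
        "checksum_only_accepts": verify_by_checksum_only(blob, listing),
        "signed_accepts": verify_signed(blob, listing, signature),
        "got_genuine": blob == GENUINE_DEB,
    }


if __name__ == "__main__":
    print("no attacker:", scenario(False))
    print("attacker on path:", scenario(True))
```

With an attacker on the path, the checksum-only check still passes while the client has the trojaned bytes; the signed check rejects the rewritten listing. The transport (FTP or HTTP, both clear-text) is irrelevant to that outcome; what matters is whether the authenticator can be verified with something the attacker could not have touched.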